BUG/MINOR: log: look for the end of priority before the end of the buffer

In parse_log_message(), the first loop looks for '>' that finishes the
priority field, and unfortunately it stops once it has checked the first
byte after the end of the buffer. This means that a priority made only
of digits for the whole buffer would read one extra byte. In practice
since pools have a tag at the end this is only detectable when using ASAN,
but this should be fixed nevertheless.

This can be backported to all versions.

It's worth noting that RFC5424 now says that the PRI field is 1..3
digits only, so maybe at some point we could seriously limit the
length as well.

diff --git a/src/log.c b/src/log.c
index 2a6f4c232e85c91c052c69a4f26b71e2131a2eb9..1acc1a0c4677bed60e7f669140ae7bf84cbc37c7 100644 (file)
--- a/src/log.c
+++ b/src/log.c
@@ -5499,7 +5499,7 @@ void parse_log_message(char *buf, size_t buflen, int *level, int *facility,
                        return;
                fac_level = 10*fac_level + (*p - '0');
                p++;
-               if ((p - buf) > buflen)
+               if ((p - buf) >= buflen)
                        return;
        }